The Password Anti-Pattern and the Login Redirection Anti-Pattern
A few weeks ago, I wrote about about how web sites that manage your data should be more open in order to better protect you. Not so surprisingly, I’m not the only one thinking about this issue. Jeremy Keith has a fantastic detailed write-up regarding what he calls the “password anti-pattern.” It gets at the same fundamental issue I was talking about, but with more interesting detail. It lays out the problem concisely and clearly: [Asking for gmail passwords from your users] teaches people how to be phished. And it mentions OAuth, an effort I only recently learned about, which … Continue reading The Password Anti-Pattern and the Login Redirection Anti-Pattern